WordPress Paytm Payment Gateway Plugin <= 2.7.3 is vulnerable to SQL Injection
CVE-2022-45805

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Paytm Payment Gateway
Vendor: CVE Published:; 3 November 2023

Summary

The Paytm Payment Gateway has a vulnerability due to improper neutralization of special elements in SQL commands, allowing for SQL Injection attacks. This issue affects versions from n/a to 2.7.3, potentially enabling attackers to manipulate database queries and extract sensitive information, compromising the integrity and confidentiality of user data.

Affected Version(s)

Paytm Payment Gateway <= 2.7.3

References

https://patchstack.com/database/vulnerability/paytm-payme...

vdb-entry

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Nov 23, 2022

Credit

Aman Rawat (Patchstack Alliance)